<?php
	#############################################################################################
	# Programmer: สมบูรณ์  กองลี																#
	# Email		: hugo8xx@hotmail.com.															#
	#############################################################################################
	
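	// Session bootstrap and login gate for backend pages.
	//
	// SECURITY: the session ID may be supplied by the client as a POST or GET
	// parameter (POST wins when both are present). A request-supplied ID is a
	// session-fixation risk, and IDs carried in URLs end up in access logs,
	// browser history and Referer headers. If this override is only needed by
	// a client that cannot send cookies, restrict it to that endpoint. In any
	// case the login code should call session_regenerate_id(true) after a
	// successful authentication, and session.use_strict_mode should be enabled
	// where the PHP version supports it.
	$requested_sid = null;
	if (isset($_POST["PHPSESSID"])) {
		$requested_sid = $_POST["PHPSESSID"];
	} else if (isset($_GET["PHPSESSID"])) {
		$requested_sid = $_GET["PHPSESSID"];
	}
	// Only hand a well-formed ID to session_id(): a non-string value (e.g.
	// PHPSESSID[]=x) or one with characters outside the session-ID alphabet
	// is ignored and the normal cookie-based session is used instead.
	if (is_string($requested_sid) && preg_match('/^[A-Za-z0-9,-]{1,256}$/', $requested_sid)) {
		session_id($requested_sid);
	}
	session_start();

	$ss_id = session_id();

	// Normalise the per-user session bucket so the checks below never touch an
	// undefined index or a non-array value.
	if (!isset($_SESSION['m']) || !is_array($_SESSION['m'])) {
		$_SESSION['m'] = array();
	}

	// No authenticated user in this session: send the browser to the login
	// page and stop, so nothing below runs for anonymous requests.
	if (empty($_SESSION['m']['user_id'])) {
		header("location: /backend/login.html");
		exit;
	}

	// Expose every key of $_SESSION['m'] as a global $ss_<key> variable.
	// NOTE(review): a key named 'id' in $_SESSION['m'] would overwrite $ss_id
	// set above; confirm no such key is stored, or read values explicitly.
	extract($_SESSION['m'], EXTR_PREFIX_ALL , "ss");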

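	/**
	 * Load the module IDs granted to a user from `control_acl`.
	 *
	 * The user ID is escaped before it is placed in the SQL string. The
	 * original interpolated it unescaped, so any caller passing a
	 * request-derived value could alter the query.
	 *
	 * NOTE(review): ext/mysql (mysql_*) was removed in PHP 7. When the
	 * connection code is migrated, replace this with a mysqli/PDO prepared
	 * statement instead of string escaping.
	 *
	 * @param mixed $user_id User identifier matched against `control_acl`.`user_id`.
	 * @return array Map of mod_id => mod_id; empty when the user has no rows
	 *               or the query fails (fails closed: no modules granted).
	 */
	function AclMod($user_id) {
		$safe_user_id = mysql_real_escape_string((string) $user_id);
		$sql = "SELECT * FROM `control_acl` WHERE `user_id` = '$safe_user_id'";
		$query = mysql_query($sql);

		$mod = array();
		if ($query === false) {
			// Query error: grant nothing rather than iterating over a non-resource.
			return $mod;
		}
		while ($row = mysql_fetch_assoc($query)) {
			// Keyed by mod_id so duplicate ACL rows collapse to one entry.
			$mod[$row['mod_id']] = $row['mod_id'];
		}
		mysql_free_result($query);
		return $mod;
	}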

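	/**
	 * Write one audit row to `control_log` for the current request.
	 *
	 * Every value stored here is client-controlled (request parameters, all
	 * request headers, X-Forwarded-For) or caller-supplied, so each one is
	 * escaped before being placed in the INSERT. The original concatenated
	 * them raw, so a quote in any header or parameter could alter the
	 * statement.
	 *
	 * NOTE(review): this stores the full request parameters and every request
	 * header in plaintext. That includes submitted passwords and the Cookie /
	 * Authorization headers (live session identifiers). Consider redacting
	 * those fields and restricting who can read `control_log`.
	 *
	 * @param string $action  Action or URL being logged; a falsy value is stored as '/'.
	 * @param mixed  $user_id Numeric user ID, or 'NULL' (default) for no user.
	 * @return mixed Result of mysql_query() for the INSERT.
	 */
	function AclLog($action, $user_id='NULL') {
		$action = $action ? $action : '/';

		$is_post = isset($_SERVER["REQUEST_METHOD"]) && $_SERVER["REQUEST_METHOD"]=='POST';
		$params  = http_build_query($is_post ? $_POST : $_GET);

		// apache_request_headers() is not available under every SAPI; log no
		// headers rather than aborting the request with a fatal error.
		$request_headers = function_exists('apache_request_headers') ? apache_request_headers() : array();
		if (!is_array($request_headers)) {
			$request_headers = array();
		}
		$header_lines = array();
		foreach ($request_headers as $k => $v) {
			$header_lines[] = $k.': '.$v;
		}
		$headers = implode(PHP_EOL, $header_lines);

		$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

		// X-Forwarded-For is sent by the client and can hold any text; it is
		// recorded for reference only and must not be trusted as the real address.
		$ipx = !empty($_SERVER['HTTP_X_FORWARDED_FOR'])
			? "'".mysql_real_escape_string($_SERVER['HTTP_X_FORWARDED_FOR'])."'"
			: 'NULL';

		// `user_id` is written unquoted, so only a digits-only value is
		// accepted; anything else (including the 'NULL' default) becomes NULL.
		// NOTE(review): assumes user IDs are non-negative integers; confirm against callers.
		$user_sql = preg_match('/^\d+$/', (string) $user_id) ? (string) $user_id : 'NULL';

		$action_sql  = mysql_real_escape_string((string) $action);
		$params_sql  = mysql_real_escape_string($params);
		$headers_sql = mysql_real_escape_string($headers);
		$ip_sql      = mysql_real_escape_string($ip);

		$sql	= "INSERT INTO `control_log` (`log_id`, `action`, `params`, `headers`, `ip`, `ipx`, `date`, `user_id`) VALUES ('', '$action_sql', '$params_sql', '$headers_sql', '$ip_sql', $ipx, NOW(), $user_sql)";
		return mysql_query($sql);
	}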

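	/**
	 * Enforce module-level access control for a URL.
	 *
	 * Looks up the first `control_mod` row whose `url` column, anchored with
	 * '^' and used as a MySQL regular expression, matches $url. If the matched
	 * module is not in $_SESSION['m']['mod'], the request is delayed two
	 * seconds, redirected to '/' and terminated.
	 *
	 * The URL is escaped before it is placed in the SQL string; the original
	 * interpolated it raw, and it typically comes from the request.
	 *
	 * NOTE(review): this check fails open. An empty $url, a failed query, or a
	 * URL that matches no `control_mod` row all return without denying access.
	 * Confirm that unregistered URLs are meant to be reachable by any
	 * logged-in user.
	 * NOTE(review): stored `url` values are interpreted as regular expressions,
	 * so metacharacters such as '.' in them match more than the literal path.
	 *
	 * @param string $url Request path to check.
	 * @return void
	 */
	function AclCC($url) {
		if($url==''){return;}

		$safe_url = mysql_real_escape_string((string) $url);
		$sql  = "SELECT * FROM `control_mod` WHERE '$safe_url' REGEXP CONCAT('^', `url`) LIMIT 1";
		$query = mysql_query($sql);
		if ($query === false) {
			// Same outcome as the original on a query error (no row, no denial),
			// without passing a non-resource to the fetch/free calls.
			return;
		}

		// A missing or malformed module list grants nothing.
		$granted = (isset($_SESSION['m']['mod']) && is_array($_SESSION['m']['mod']))
			? $_SESSION['m']['mod']
			: array();

		while($result = mysql_fetch_assoc($query)) {
			$mod_id = $result['mod_id'];

			if(!in_array($mod_id, $granted)) {
				// Fixed delay before the redirect slows automated probing of
				// protected URLs.
				sleep(2);
				header('location: /');
				exit;
			}
		}
		mysql_free_result($query);
	}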
?>